Global spam volumes dropped in early 2011 to their lowest levels since 2007, from a peak of about 5 trillion messages a day worldwide in July 2010 to about 1.5 trillion a day in March. But that drop gives end users and security officials little breathing room, said Dave Marcus, director of security research at McAfee Labs.

"Most of the stuff that ends up in the mailbox still is suspicious if not downright malicious," said Marcus, one of the authors of the report. The ratio of spam to legitimate e-mail was about 3-to-1 at the end of the first quarter.

"It is easier to profile high-end corporations and prominent people than ever before" because of the amount of information available online, Marcus said. "That's the downside of the Information Age. The attackers have a complete understanding of the environment" they are targeting.

Another downside to technology is the growth in malicious code for mobile devices, especially those running the Google Android operating system. The Symbian OS remains the No. 1 target for mobile malware because of its 75 percent share of the market, and Android remains in third place overall behind Java 2 Micro Edition. But Android became the second most-targeted OS in the first quarter, and its share is expected to continue growing.

"Malware threats to the mobile platform continue to evolve in sophistication and functionality at a pace that in many ways eclipses that of PC-based malware," the report states.

"Mobile is going to be troublesome for quite some time," Marcus said. The market share of Android malware is growing quickly because of the rapid adoption of phones that use the OS and the distribution channel for third-party applications. Unlike applications for Apple iPhones, Android applications are not closely controlled and vetted.

"This is already being abused and is going to cause a lot more abuse in the future," Marcus added.

Mobile malware for stealing bank account information is becoming more common, and mobile platforms will become increasingly attractive to criminals as more mission-critical activities are conducted on them, Marcus said.

The drop in spam volume in the first quarter was caused primarily by the takedown of much of the Rustock botnet command-and-control network by law enforcement and security providers. Despite that success, McAfee reported some growth in the decapitated botnet at the end of the quarter and predicted that it would rebuild in the coming months.

But volume is not everything. The threat of well-crafted spear phishing has been demonstrated by recent high-profile attacks that appear to have breached EMC's RSA Security Division, Oak Ridge National Laboratory, Sony, Lockheed Martin, Google and others. Defeating those attacks with filters is challenging, if not impossible.

"You can craft an e-mail that will be able to get through every time," Marcus said. "That negates technological know-how and security expertise."

The solution is to better educate and train end users, he said. Most users are aware of the problem, but training to recognize and properly respond to malicious e-mail is inadequate. "These are two completely different things," Marcus said. "We can do one of them much better."

One of the most effective responses to a suspicious e-mail message is to wait a beat -- or three -- before responding to it, read it critically and, if necessary, call someone to verify its legitimacy. That can be inconvenient for both parties, but "it's a classic case of risk management," Marcus said.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).